[squid-users] The issue NTLM_AUTH with --require-membership-of

WANG TOM chinaid at msn.com
Thu Feb 21 08:35:41 UTC 2019


Hi All,

Recently, I tried to configure a squid (4.5 on CentOS 7) proxy service with Microsoft Windows 2012 Active Directory authentication, but got a problem with "--require-membership-of" option.
----------------------------------------------------------------------------------------------
When I use "auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic"
Everything goes will, I can use my AD username and password to login and surf the internet by squid proxy services.
----------------------------------------------------------------------------------------------
But if I use "auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic --require-membership-of='IBM\Domain Users'"
OR "auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --require-membership-of='IBM\Domain Users'"
Then always gets "1550654743.129      0 192.168.0.1 TCP_DENIED/407 4252 CONNECT www.youtube.com:443 - HIER_NONE/- text/html",
Internet Explorer ask me to login again and again and again... I am sure I used correct domain, username and password, but everything is not work.
----------------------------------------------------------------------------------------------
And I have tested run ntlm_auth directly, it looks successfully.
"ntlm_auth --require-membership-of='IBM\Domain Users' --username=Administrators --password=123456
NT_STATUS_OK: The operation completed successfully. (0x0)"
----------------------------------------------------------------------------------------------
I have no idea what I have missed or made mistake, could someone can help.

Thanks!

Best regards.
TOM
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20190221/fb94ff37/attachment.html>


More information about the squid-users mailing list